FortiMail 02 System Configuration

8/10/2019 FortiMail 02 System Configuration

1/16

221 - FortiMail Email Filtering System Configura

06-50000-0221-20130726

1

2013 Fortinet Inc. All r ights reserved.

The information contained herein is subject to change without notice. No part of this publication including text, examples, diagrams

or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical

or otherwise, for any purpose, without prior written permission of Fortinet Inc. 06-50000-0221-20130726

System Configuration

Module 2

2

Module Objectives

By the end of this module, you will be able to:

Use CLI and web UI administrative interfaces

Configure initial settings on the FortiMail system

Search FortiMail system logs to obtain data


2/16


06-50000-0221-20130726

3

Web Access

Admin Login

https://192.168.1.99/admin

Webmail Login

https://192.168.1.99

4

Admin Web UI


3/16


06-50000-0221-20130726

5

System Status

6

Admin Menu

Menu options available in the Admin web UI include the following:


4/16


06-50000-0221-20130726

7

System

Dashboard JAVA Based Console Provides direct access to the command line interface via the web GUI

8

Login Customization


5/16


06-50000-0221-20130726

9

Context Sensitive On-line Help

10

Basic and Advanced Mode

Basic Mode

Commonly used options only

Day-to-day operation

Advanced Mode

Full set of menu options


6/16


06-50000-0221-20130726

11

CLI Tree

config system interface

edit

set status {up | down}

set ip

nextend

Command Object

Subcommand Table

Option

Field

Value

12

Quick Start Wizard

Effective way to have the unit up and running in no time by configuring

the following parameters:

Default password for the administrator account

Network and time settings

Local host settings

Protected domains

Incoming and outgoing antispam and antivirus

Access control rules for SMTP Relay

Note: The operational mode cannot be set though the Quick Start Wizard


7/16


06-50000-0221-20130726

13

Configuring Network Interfaces

14

Link Status Propagation

Link status of a port is

propagated to other port(s)

Status of an interface is

linked to the status of another

interface

If associated interface is

down, the interface goes

down too


8/16


06-50000-0221-20130726

15

Link Status Propagation

If the outgoing interface isdown FortiMail unit will

disable the incoming

interface and vice-versa

Downstream load-balancer:

Detects the failure

Removes the appliance from

the LB algorithm to stop mail

forwarding

Sends messages to other units

available in the pool

1. FAILURE

DETECTION

2. STATUS

PROPAGATION

MTA

3. FORTIMAIL IS

REMOVED FROM

THE LB POOL

16

Configuring Routing


9/16


06-50000-0221-20130726

17

Route Selection

The destination IP address is compared to those of the static routes todetermine which route a packet will take

The most specific route will always be chosen

If there is more than one specific route available in the routing table,the FortiMail unit will apply the route with the smallest index number

The index number is a unique value used to identify a route entry inthe routing table and can be determined with the following CLIcommand:get system route

18

DNS Settings

Primary and secondary DNS can be configured using the web UI or the CLI

CLI Configuration:config system dns

set primary 10.0.1.1

set secondary 208.91.112.52end

CLI Configuration:config system dns

set primary 10.0.1.1

set secondary 208.91.112.52end


10/16


06-50000-0221-20130726

19

Administration Options

20

Access Profiles

Access Profiles are used to:

Control which areas an administrator can access

Define the level of permissions in that area


11/16


06-50000-0221-20130726

21

Password Policies

Enforce complex passwords

Apply to administrators, webmail and IBE users

22

Admin Authentication

Authentication types supported include local, RADIUS,

RADIUS+Local, PKI and LDAP


12/16


06-50000-0221-20130726

23

Enable and Disable Message Services

Allows you to turn SMTP, POP3 or IMAP services ON/OFF

Required for vulnerability and security assessment tests when those

services are not in use

CLI configuration:config system mailserver

set smtp-service enable|disable

set pop3-service enable|disable

set imap-service enable|disable

24

FortiMail Log Types

The following types of log messages can be recorded:

History

Emails handled by the FortiMail unit

Event

System and admin related logs

Antivirus

Virus detection and inspection logs

Antispam

Spam related messages

Encryption

Encryption subsystem such as IBE and S/MIME


13/16


06-50000-0221-20130726

25

Log Message Severity Levels

Levels Description

0 Emergency System unstable

1 Alert Immediate action required

2 Critical General functionality affected

3 Error Error condition exists

4 Warning Functionality could be affected

5 Notification Notif ication about normal events

7 Information General system operation

26

History Log Disposition and Classifier

Disposition and Classifierare used to provide extra information

regarding email processing

Disposition defines the action taken by the FortiMail unit

Classifierexplains why such action was taken

For a complete list of Dispositions and Classifiers, refer to the FortiMail

Admin Guide


14/16


06-50000-0221-20130726

27

Logging Storage

Log messages can belogged to local disk

(default option) or to a

remote device (for

example, FortiAnalyzer

system, generic syslog)

Different logging

policies can be

configured based on the

logging location

28

Log Message Correlation

Since different types of log files record different activities, the same

SMTP session may be logged in different types of log files

Click on the Session ID link to display all the logs generated for a

specific SMTP session


15/16


06-50000-0221-20130726

29

Reports

Reports can begenerated directly

from the FortiMail Unit

Generated reports

appear in Monitor >

Reports

30

SNMP

SNMP agent can be enabled on the FortiMail unit to generate SNMP

traps when certain system events or thresholds have been reached

Up to three SNMP communities can be configured on the FortiMail unit


16/16


31

SNMP Support

SNMP message integrity, authentication and encryption

SNMP v1, v2c

SNMP v3

32

SNMP v3 Configuration

FortiMail 02 System Configuration

Documents

Transcript of FortiMail 02 System Configuration